CVE-2024-22026

MEDIUM

EPMM <12.1.0.0 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22026. PoCs published by securekomodo.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2024-22026, a local privilege escalation vulnerability in Ivanti EPMM (MobileIron Core). The exploit leverages the software update process to install a malicious RPM package, granting root access via preinstall and postinstall scripts.

Description

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

Exploits (1)

nomisec WORKING POC 15 stars
by securekomodo · poc
https://github.com/securekomodo/CVE-2024-22026

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Ivanti EPMM (MobileIron Core) versions prior to 12.1.0.0, 12.0.0.0, and 11.12.0.1
Auth required
Prerequisites: Local access to the Ivanti EPMM server · Ability to execute the 'install rpm url' command
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.7
EPSS 0.0110
EPSS Percentile 61.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-284
Status published
Products (1)
ivanti/endpoint_manager_mobile < 12.1.0.0
Published May 22, 2024
Tracked Since Feb 18, 2026